Do you understand the difference?
Simply put, vulnerability scanning is passive and penetration testing is active. Both of these assessments/tests have value and both can assist in your overall ability to evaluate your external security exposure.
So, why do either (or both)? Well, for starters because the hackers are doing both too. But also, this can be compared to your
External Vulnerability Assessment
External Vulnerability Scanning is non-intrusive. The purpose is not to attempt to exploit the vulnerabilities. The analysis is designed to determine if it is possible for external parties to access your systems. So, the focus is more on potential threats. The outcome is a score-based rating system and remediation recommendations are provided to help address any issues found. This is a sample of the report provided:
External Penetration Assessment
External Penetration testing focuses on the critical threats to your organization. This test consists of manual processes that mimic a bad actor and their techniques. With your approval, a security professional or vCISO attempts to gain access to your environment to try to exploit any vulnerabilities. After successfully exploiting your perimeter, the security professional or vCISO then attempts lateral movement within your network.
Conducting an Assessment
When was the last time you truly tested your network and had a view of what you were
- External Vulnerability Testing
- External Penetration Testing
  - Exploitation and Compromise
- Physical and Social
  - Spear-Phishing and Social Engineering tactics
  - Physically infiltrate locations
- DarkWeb Discovery
  - Sensitive corporate and customer data
  - Compromised credentials
  - Insider information and trade secrets
Our external vulnerability assessments, penetration tests